Cybersecurity Glossary

Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data.

  • A

    Advanced Persistent Threat (APT)

    A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.
  • Adware

    Adware is unwanted software that automatically displays or downloads advertisements, most often within a web browser and often without the user's consent, to generate revenue for its developer.
  • Air Gap

    An air gap is a security measure that involves isolating a computer or network from other networks, particularly unsecured ones, such as the public internet. This method is used to prevent unauthorized access to sensitive systems.
  • B

    Botnet

    A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam messages.
  • Brute Force Attack

    A brute force attack is a trial-and-error method used by hackers to guess passwords, encryption keys, or login credentials by systematically trying all possible combinations until the correct one is found.
  • C

    Chain of Custody

    Documentation that shows how evidence has been collected, analysed, and preserved to be presented in court.
  • Clickjacking

    Clickjacking is a malicious technique in which a user is tricked into clicking on something different from what they perceive, often by overlaying a deceptive user interface. This can lead to unauthorized actions or information disclosure.
  • Cloud Security

    Cloud security refers to the technologies, policies, controls, and services used to protect data, applications, and infrastructure associated with cloud computing. It aims to safeguard against threats such as data breaches, unauthorized access, and DDoS attacks.
  • Credential Stuffing

    Credential stuffing is a cyberattack that involves using stolen username and password pairs to gain unauthorized access to user accounts. This attack exploits the common habit of reusing passwords across multiple sites.
  • Cryptocurrency Mining Malware

    Malware that uses a computer's resources to mine cryptocurrency without the user's consent.
  • Cryptojacking

    Cryptojacking is a type of cyberattack in which hackers secretly use a victim's computing resources to mine cryptocurrency, often without the user's knowledge or consent, leading to degraded system performance and increased electricity costs.
  • Cyber Espionage

    The act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or classified).
  • D

    Dark Web

    The dark web is a part of the internet that is not indexed by traditional search engines and is often associated with illegal activities. Access to the dark web requires special software such as Tor (The Onion Router).
  • Data Breach

    A data breach is a security incident where sensitive, confidential, or protected information is accessed, disclosed, or stolen by unauthorised individuals.
  • Data Exfiltration

    Data exfiltration is the unauthorized transfer of data from a computer or network. It is often carried out by malware or hackers aiming to steal sensitive information.
  • DDoS Attack (Distributed Denial of Service)

    An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
  • Deepfake

    Synthetic media in which a person's likeness has been algorithmically replaced with another's likeness.
  • Denial-of-Service (DoS) Attack

    An interruption in an authorized user's access to a computer network, typically one caused with malicious intent.
  • Digital Forensics

    The process of uncovering and interpreting electronic data for use in a court of law.
  • Drive-by Download

    A drive-by download occurs when malware is automatically downloaded onto a user’s device without their knowledge, often by visiting a compromised website. This type of attack exploits vulnerabilities in the web browser or its plugins.
  • E

    Eavesdropping Attack

    An eavesdropping attack is a cyberattack where an unauthorised party intercepts and listens to private communications over a network, often to steal sensitive information.
  • Encryption

    The process of converting information or data into a code, especially to prevent unauthorised access.
  • Endpoint Detection and Response (EDR)

    Cybersecurity technology that continually monitors and responds to mitigate cyber threats on endpoints.
  • Exploit Kit

    An exploit kit is a toolkit used by cybercriminals to exploit vulnerabilities in software and execute malicious code on a target system. These kits are often used in automated attacks on unpatched systems.
  • F

    Fileless Malware

    Fileless malware operates without leaving a footprint on the hard drive, making it difficult for traditional antivirus software to detect. It exploits existing software, applications, or built-in operating system tools.
  • Firewall

    A network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies.
  • G

    Grayware

    Unwanted applications or files that are not classified as malware but can worsen the performance of computers and may cause security risks.
  • H

    Hacking

    Hacking is the act of exploiting vulnerabilities in computer systems or networks to gain unauthorised access, typically for malicious purposes such as stealing data or causing disruption.
  • Heuristic Analysis

    Heuristic analysis is a method used by antivirus software to detect new, previously unknown viruses or malware by examining code behavior. Unlike traditional signature-based detection, it looks for suspicious characteristics and activities.
  • Hoax

    A hoax is a deliberate false warning about a virus or other malware, or misleading information about a security threat, intended to cause unnecessary fear or disruption.
  • Honeypot

    A security mechanism set to detect, deflect, or study attempts at unauthorised use of information systems.
  • I

    Identity and Access Management (IAM)

    Frameworks for business processes that facilitate the management of electronic identities.
  • Identity Theft

    Identity theft occurs when someone unlawfully obtains and uses another person's personal information, usually for financial gain. This can involve stealing data such as credit card numbers, social security numbers, or login credentials.
  • Incident Response Plan (IRP)

    A set of procedures to detect, respond to, and recover from network security incidents.
  • Insider Threat

    A threat to an organization that comes from employees, former employees, contractors, or business associates who have inside information concerning the organisation's security practices.
  • Intrusion Detection System (IDS)

    A device or software application that monitors network or system activities for malicious activities or policy violations.
  • IoT Security

    IoT security refers to the protection of Internet of Things devices and networks from cyberattacks. It involves securing connected devices such as smart home systems, wearables, and industrial equipment.
  • IP Spoofing

    A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
  • J

    Jailbreaking

    Jailbreaking is the process of removing software restrictions on a device, typically a smartphone, to gain unauthorised access to its full functionality.
  • K

    Keylogger

    A keylogger is a type of malware that records keystrokes on a device to steal sensitive information, such as usernames, passwords, and credit card numbers. It operates in the background without the user's knowledge.
  • L

    Logic Bomb

    A logic bomb is malicious code embedded within a legitimate program that is triggered when specific conditions are met, such as a particular date or action. It can cause various harmful effects, such as data deletion or corruption.
  • M

    Malvertising

    Malvertising involves using online advertising to distribute malware by injecting malicious code into ads displayed on legitimate websites. It can infect users' devices without them clicking on the ad.
  • Malware

    Malware is malicious software designed to harm, exploit, or otherwise compromise a computer system, network, or device.
  • Man-in-the-Middle (MitM) Attack

    An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
  • Memory Scraping

    Memory scraping is a technique used by cybercriminals to extract sensitive data directly from a computer's memory. This method is often employed to steal credit card numbers from point-of-sale systems.
  • Mobile Device Management (MDM)

    MDM is security software used by organizations to manage, monitor, and secure employees' mobile devices, such as smartphones and tablets. It helps enforce security policies and protect corporate data.
  • Multi-factor Authentication (MFA)

    A method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence.
  • N

    Network Sniffing

    Network sniffing is the process of monitoring and capturing data packets traveling across a network to analyse and potentially exploit the information.
  • O

    Open Source Intelligence (OSINT)

    Open Source Intelligence (OSINT) is the collection and analysis of publicly available information to gather actionable insights for security and intelligence purposes.
  • P

    Patch Management

    The process of distributing and applying updates to software to ensure it is up to date and secure.
  • Penetration Testing

    Penetration testing, or ethical hacking, is the practice of simulating cyberattacks to identify and fix security vulnerabilities in systems, networks, or applications. It is a proactive approach to improving security defences.
  • Pharming

    Pharming is a cyberattack where users are redirected to fraudulent websites to steal sensitive information, typically through DNS poisoning.
  • Phishing

    The attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
  • Privilege Escalation

    A situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level.
  • Public Key Infrastructure (PKI)

    A set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
  • Q

    Quick Response (QR) Code Tampering

    Quick Response (QR) Code Tampering involves altering a QR code to redirect users to malicious websites or execute harmful actions when scanned.
  • R

    Ransomware

    Ransomware is a type of malicious software that encrypts a victim's data, demanding a ransom payment to restore access.
  • Ransomware-as-a-Service (RaaS)

    RaaS is a business model in which ransomware creators lease their malware to other cybercriminals, who then use it to conduct attacks. This service often includes customer support and profit-sharing arrangements.
  • Red Teaming

    Red teaming is an advanced security testing method where a group simulates real-world cyberattacks to test an organization’s defenses. It provides a comprehensive assessment of security weaknesses.
  • Rootkit

    A set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
  • S

    Sandboxing

    Sandboxing is a security mechanism that isolates applications in a controlled environment to prevent malware from affecting the broader system. It is commonly used to safely test untrusted code or files.
  • Secure Sockets Layer (SSL)

    A standard security technology for establishing an encrypted link between a server and a client.
  • Session Hijacking

    Session hijacking occurs when an attacker takes control of a user's session, often by stealing session cookies, to gain unauthorized access to a web application. This can lead to data theft or unauthorized actions on the victim's account.
  • Shoulder Surfing

    Shoulder surfing is a social engineering tactic where attackers physically observe a victim entering sensitive information, such as passwords or PINs. It typically occurs in public places like cafes or airports.
  • Side-Channel Attack

    A side-channel attack exploits indirect information, such as electromagnetic leaks or power consumption, to gather sensitive data from a system. These attacks bypass traditional security measures by analyzing hardware behavior.
  • SIEM (Security Information and Event Management)

    Software solutions that provide real-time analysis of security alerts generated by applications and network hardware.
  • Skimming

    Skimming involves using a device to capture payment card details from ATMs, gas pumps, or point-of-sale terminals. The stolen data is then used for fraudulent transactions or sold on the dark web.
  • Social Engineering

    The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
  • Spear Phishing

    An email targeted at a specific individual or department within an organization that appears to be from a trusted source but is actually a phishing attempt.
  • Spoofing

    Faking the sending address of a transmission to gain unauthorised entry into a secure system.
  • SQL Injection

    A type of security exploit in which the attacker adds Structured Query Language (SQL) code to a web form input box to gain access to resources or make changes to data.
  • T

    Threat Intelligence

    Information used to understand the threats that have targeted, will target, or are currently targeting the organisation.
  • Tokenisation

    The process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value.
  • Trojan Horse

    Any malicious computer program which misleads users about its true intent.
  • Two-Factor Authentication (2FA)

    A security process in which users provide two distinct forms of identification to access their account.
  • U

    URL Injection

    A type of attack where the attacker creates new pages on the target site filled with spammy words or malicious scripts.
  • V

    Virus

    A type of malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code.
  • Vishing

    The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to induce individuals to reveal personal information, such as bank details and credit card numbers.
  • VPN (Virtual Private Network)

    Extends a private network across a public network, enabling users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
  • Vulnerability Assessment

    The process of identifying, quantifying, and prioritising (or ranking) the vulnerabilities in a system.
  • W

    Wardriving

    Searching for Wi-Fi wireless networks by a person in a moving vehicle, using a laptop or smartphone.
  • Whaling

    Whaling is a targeted phishing attack that focuses on high-profile executives and other high-profile targets to steal sensitive information or gain unauthorised access to systems.
  • Whitelisting

    Whitelisting is a cybersecurity practice that involves creating a list of approved entities, such as IP addresses, applications, or email addresses, that are allowed access to a system or network. Essentially, it is a security process that allows only pre-approved software to run on a system.
  • Z

    Zero-Day Attack

    An attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of.